After much kernel bisecting by me that yielded nothing of value, it turns out the bug isn't the kernel, it's a change in Fedora's default sysctl.conf settings between F29 and F30 that enable a new-ish kernel "feature". The "feature" turns on this behavior.
Thanks to Andrew Morton and especially Al Viro for figuring this out for me as I'm pretty sure a sysctl of some obscure feature would have been the last place I would have looked!
The solution is: echo 0 >> /proc/sys/fs/protected_regular
The new feature is (and it may be systemd deciding this):
* The fs.protected_regular and fs.protected_fifos sysctls, which were added in Linux 4.19 to make some data spoofing attacks harder, are now enabled by default. While this will hopefully improve the security of most installations, it is technically a backwards incompatible change; to disable these sysctls again, place the following lines in /etc/sysctl.d/60-protected.conf or a similar file: fs.protected_regular = 0 fs.protected_fifos = 0
The bz is: https://bugzilla.kernel.org/show_bug.cgi?id=205727